====== IPTABLES (firewall) ======

===== commands =====

| service iptables start | or stop, restart; loads (or flushes) the rule set saved in /etc/sysconfig/iptables |
| service iptables stop | same as /etc/init.d/iptables stop; flushes every rule and resets the policies to ACCEPT, i.e. leaves the host open |
| iptables -L | look at what the firewall thinks it is doing (add -n to skip reverse DNS lookups, -v for packet counters) |
| iptables -L INPUT | look at the INPUT chain only (--line-numbers shows the rule positions that -D and -I use) |
| service iptables save | use this after iptables is tweaked, otherwise the change is lost at the next restart |

The iptables binary itself has no "stop" verb; /sbin/iptables stop is an error. Stopping and starting is done through the service script.

\\
^ for localhost ^
| iptables -A INPUT -s 127.0.0.1 -j ACCEPT |
| iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT |

Prefer matching the loopback interface (-i lo / -o lo) over the source address. A packet that arrives on the network interface claiming source 127.0.0.1 is spoofed, and a rule keyed on the address would accept it; the saved file below has both forms, and only the -i lo line is needed.

\\
For sendmail: open port 25 to receive mail (INPUT). The OUTPUT rule lets the host deliver outbound mail to other MTAs.

<code>
-A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
</code>

--syn only accepts the first packet of the connection; the rest ride on the RELATED,ESTABLISHED rule, so that rule must stay near the top of INPUT.

For POP3:

<code>
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 173.45.236.139 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 173.45.236.139 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
</code>

For IMAP:

<code>
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 173.45.236.139 --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 173.45.236.139 --sport 143 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
</code>

The --sport 1024:65535 match only documents the client's usual ephemeral range; it is not a security control, since the client (or attacker) chooses its own source port. With the RELATED,ESTABLISHED rule at the top of INPUT and the OUTPUT policy at ACCEPT, the INPUT rule for NEW connections is the only one of each pair that does anything.

Drop new ICMP (ping requests and the like):

<code>
iptables -A INPUT -p icmp -m state --state NEW -j DROP
</code>

This is a DROP, not a reject, and it covers every ICMP type that is not part of a tracked connection; ICMP errors belonging to an existing connection are RELATED and still pass as long as the RELATED,ESTABLISHED rule comes first. To block only ping, match --icmp-type echo-request instead. Note that the saved file below does the opposite (-A INPUT -p icmp -j ACCEPT); pick one.

===== /etc/sysconfig/iptables =====

The saved rule set for the firewall. service iptables start loads it (via iptables-restore) and service iptables save writes the running rules back into it.

The order of the lines in this file is significant: within a chain, rules are evaluated top to bottom and the first matching rule with a terminating target (ACCEPT, DROP, REJECT) decides the packet. The final -A INPUT -j REJECT is the catch-all, so any INPUT rule placed after it is never reached, and the RELATED,ESTABLISHED rule sits first so that most packets are decided in a single comparison.

<code>
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2571:527834]
#
#
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#
# port 111 is used for RPCbind--it wasn't a good idea to close it ...
#
#-A INPUT -p tcp --dport 111 -j DROP
#-A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
#
#
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
#
#
-A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
COMMIT
#
</code>

Things to know about this file:

  * The chain policies are ACCEPT, so the protection comes entirely from the catch-all REJECT at the end of INPUT. A policy of DROP on INPUT and FORWARD fails closed if that line is ever lost.
  * The OUTPUT policy is ACCEPT and nothing rejects in OUTPUT, so the two OUTPUT rules change nothing; they only matter if the OUTPUT policy is changed to DROP.
  * -A INPUT -s 127.0.0.1/32 -j ACCEPT is redundant after -A INPUT -i lo -j ACCEPT (and address-based loopback matching is the weaker form, see above).
  * The two commented port 111 rules would not work as written if uncommented: they sit after the catch-all REJECT, so neither is ever reached, and the DROP precedes the localhost ACCEPT, so the ACCEPT could never match even if both were moved up. They belong above the REJECT line, ACCEPT first.
  * After editing, check the result with iptables -L -n -v --line-numbers and then service iptables save; a rule added with iptables -A lands after the REJECT and is dead until it is inserted above it with -I.

===== udp port 5353 =====

/etc/services associates it with "Multicast DNS" (mDNS, used by Avahi/Bonjour for .local name discovery). Nothing in the rule set above accepts inbound UDP, so packets to 5353 fall through to the catch-all REJECT.
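As an added example of the rule-ordering point in the /etc/sysconfig/iptables section above (this script is not part of the original page and not a stock iptables tool): build_ruleset emits a hardened version of the page's filter table in iptables-restore format (DROP policies, loopback by interface, rate-limited ping, the page's ports 22/25/80, catch-all last), and unreachable_rules lints any saved rule set for rules that can never match because an unconditional ACCEPT/DROP/REJECT earlier in the same chain already ends evaluation. The 5/s ping limit and the DROP policies are this example's choices; the sample rule set is constructed from the page's file with the two port-111 rules enabled where they sit.

```shell
#!/bin/sh
# Added example, not from the original page: generate an iptables-restore style
# rule set with the correct ordering, and lint a saved rule set for dead rules.

# build_ruleset: hardened version of the page's filter table.
# Assumptions: ports 22/25/80 as on the page; DROP policies and the ping
# rate limit are this example's choices, not the page's.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# first: replies to connections this host already has, so most packets are decided here
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# loopback by interface, not by source address
-A INPUT -i lo -j ACCEPT
# ping only, rate limited; ICMP errors for tracked connections arrive as RELATED above
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# catch-all last: a rule appended after this line is never evaluated
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# unreachable_rules: read a saved rule set on stdin and print "LINE: RULE" for
# every rule that follows an unconditional terminating rule in the same chain,
# i.e. "-A CHAIN -j ACCEPT|DROP|REJECT ..." with no match options before -j.
# Rules carrying matches (-i, -s, -p, -m ...) are not treated as terminating,
# because they only end evaluation for the packets they match.
unreachable_rules() {
    awk '
        /^\*/ { split("", closed); next }          # new table: reset per-chain state
        /^-A / {
            chain = $2
            if (chain in closed) { print NR ": " $0; next }
            if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
                closed[chain] = 1
        }
    '
}

# Constructed sample: the page's file with the two commented port-111 rules
# enabled exactly where they sit, i.e. after the catch-all REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp --dport 111 -j DROP
-A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Usage: lint the sample (reports lines 9 and 10), then the generated set (clean).
printf '%s\n' "$SAMPLE_RULES" | unreachable_rules
build_ruleset | unreachable_rules
```

In practice run it as unreachable_rules < /etc/sysconfig/iptables before a restart, or as iptables-save | unreachable_rules against the live rules; the generated set can be syntax-checked without loading it with iptables-restore --test, and only then written to /etc/sysconfig/iptables.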